Google Cloud Associate Data Practitioner — Question 54
You work for a financial services company that handles highly sensitive data. Due to regulatory requirements, your company must have complete and manual control of data encryption. Which type of keys should you recommend for data storage?
Answer options
- A. Use customer-supplied encryption keys (CSEK).
- B. Use a dedicated third-party key management system (KMS) chosen by the company.
- C. Use Google-managed encryption keys (GMEK).
- D. Use customer-managed encryption keys (CMEK).
Correct answer: A
Explanation
The correct choice is A: customer-supplied encryption keys (CSEK) allow the company to maintain full control over encryption processes, which is crucial for compliance when handling sensitive data. Option B, a third-party key management system, may not provide the required manual control. Option C, Google-managed encryption keys (GMEK), does not offer the necessary level of control because key management is handled by Google. Option D, customer-managed encryption keys (CMEK), provides some level of control but does not meet the requirement for complete manual control as effectively as CSEK.